1. Field of the Technology
The present invention relates to the field of communications, and particularly to a method for transferring network event protocol messages.
2. Background of the Invention
SYSLOG (network event protocol) is an event delivery protocol widely used in various network operation systems, such as Microsoft Windows, Unix and Linux, etc.
The SYSLOG protocol works in a Client-Server mode for communication, and the Client is the sender while the Server is the receiver of an event message. The Client may be an event generator such as equipment or a procedure, and it also may be a relay entity which processes the SYSLOG event received from another sender (an event generator or other relay entities) and then sends the processed event to another receiver.
The SYSLOG protocol is a simplex communication protocol, that is, the event message is only sent from the sender to the receiver, and the receiver does not send any acknowledgement, “connect start”, “connect close” message or the like, i.e., the receiver never sends any message to the sender in the layer of SYSLOG protocol (however, bi-directional communication may be needed for the transport protocol in the lower layer).
The SYSLOG protocol is a text-based protocol in which all parameter names and parameter values are text, and uses of the characters with code value less than 32 in ASCII code are avoided, that is, uses of the control character are avoided. A SYSLOG message may be simply taken as a text block from the view of the lower layer transfer protocol.
At present, User Datagram Protocol (UDP) is generally used to transfer a SYSLOG message. As UDP is used to transfer a SYSLOG message, each UDP message can only transfer one SYSLOG message according to the relationship between the length of a SYSLOG message and that of a UDP message. The protocol stack for a UDP based SYSLOG message transfer is shown in part A of the schematic diagram of the SYSLOG protocol stack structure in FIG. 1.
However, UDP is an unreliable connectionless protocol in spite of its simplicity and flexibility. Losses may occur during message transfer based on UDP, and such matters as “packet loss” are not handled by the SYSLOG message, thus the loss of the event information may occur while the UDP is used to transfer a SYSLOG message. As a reliable connection-oriented protocol, a transfer control protocol (TCP) may be used to transfer the SYSLOG message so as to improve the reliability of data transfer. A protocol stack for a TCP-based SYSLOG message transfer is shown in part B of the schematic diagram of the SYSLOG protocol stack structure in FIG. 1.
At present, the Internet security is increasingly critical for stably running the network; similarly, the SYSLOG protocol also faces security problems as following:
1. information falsification: the SYSLOG message may be falsified by a malicious intermediate network node during transfer.
2. information leakage: the SYSLOG message may be intercepted illegally during transfer, and information in the SYSLOG message, such as the description information of an event, is taken.
3. identity spoofing: a malicious node imitating as a legal node participates in the communication of SYSLOG.
In order to solve the security problems of the SYSLOG message transfer, the SYSLOG message may be transferred over such secure protocols as Transport Layer Security protocol (TLS), BEEP (a TCP based secure protocol) and Secure SHell protocol (SSH), all of which can provide such safety mechanisms as privacy, integrity and data source verification so that the security problems of the SYSLOG message can be solved. A protocol stack for transferring the SYSLOG message based on TCP or secure protocols is shown in part C of the schematic diagram of SYSLOG protocol stack structure in FIG. 1.